Home Crypto Licences Crypto Custody License
Last updated: April 2026
CRYPTO LICENSING · CUSTODY AUTHORIZATION · INSTITUTIONAL GRADE

Crypto Custody License: Digital Asset Custodian Authorization 2026

Zurich lakeside historic buildings — Crypto Custody License: Digital Asset Custodian Authorizatio

Crypto custody — holding digital assets on behalf of institutional or retail clients — is one of the most heavily regulated activities in the crypto space. Custodians must obtain specific authorization in most major jurisdictions, with requirements ranging from insurance obligations and segregated wallet requirements to qualified custodian rules under investment funds law.

Institutional
Institutional-grade regulation required in all major markets
6–18 mo
Typical licensing timeline for institutional custody
$1M–$10M+
Capital requirements range for custody authorizations
Qualified Custody
Required for fund and investment adviser relationships
At a Glance
License Type Custody / CASP
Qualified Custody Varies by jurisdiction
Insurance Often required
Segregation Mandatory
Difficulty High
Zurich narrow street swiss flags — Crypto Custody License: Digital Asset Custodian Authorizatio

Qualified Custody Note: In the US, investment advisers managing crypto on behalf of clients must use a "qualified custodian." In the EU, MiCA requires CASP authorization for custodial services. Switzerland requires a FINMA banking license or specific DLT trading facility authorization for institutional custody. Failure to use a properly licensed custodian can result in regulatory violations for both the custodian and the investment adviser relying on their services.

Overview

Types of Crypto Custody Services and Their Regulation

Crypto custody encompasses a spectrum of services with different regulatory implications. Understanding which type of custody your business provides is the first step in determining which license is required.

Third-Party Custody is the provision of custody services to external clients — including retail users, institutional investors, crypto funds, or other financial intermediaries. This is the most heavily regulated form and typically requires a specific custody authorization or equivalent VASP/CASP license.

Qualified Custody refers to custody that meets the legal standards required for investment advisers or fund managers to delegate asset safekeeping. Qualifying requires meeting specific capital, insurance, operational, and regulatory status thresholds that go beyond standard VASP registration.

Prime Custody refers to full-service institutional custody including settlement, lending, staking, and reporting — typically offered by prime brokers. This requires the highest level of authorization and largest capital bases.

Self-Custody of a firm's own assets is generally unregulated. However, firms managing client money that use self-custody solutions may create regulatory obligations under existing investment management or payments law.

Top Jurisdictions

Best Jurisdictions for Crypto Custody Authorization

Institutional custody requires robust regulatory frameworks that institutional clients and their auditors will accept. The following jurisdictions offer the most credible and operationally practical custody authorization regimes in 2025.

Jurisdiction License Type Timeline Min Capital Corp Tax
Switzerland (FINMA) DLT Facility + Custody 6–12 months CHF 1M+ 8.5%
Germany (BaFin) Crypto Custody Business 6–12 months €730,000 15%
UAE ADGM (FSRA) Custody Authorization 6–12 months $1,000,000 0%
Singapore (MAS) Major Payment Institution 6–18 months S$1,000,000 17%
Liechtenstein (FMA) VT Custodian 6–12 months CHF 150,000 12.5%
Cayman Islands (CIMA) VASP Registration 4–8 months $500,000 0%
Insurance & Segregation

Insurance and Asset Segregation Requirements

Two operational requirements define institutional-grade crypto custody: comprehensive insurance and strict asset segregation. Both are required by top-tier regulators and expected by institutional clients regardless of jurisdiction.

Insurance requirements for crypto custodians typically include crime insurance (covering employee theft, cyber theft, and private key compromise), professional indemnity/errors and omissions coverage, and directors and officers liability. UAE ADGM mandates insurance proportionate to assets under custody. Singapore MAS expects custodians to maintain adequate insurance as part of the regulatory expectations for digital payment token service licensees. For institutional custody, market standard is insurance coverage of 100% of assets under custody, with a minimum floor of $50M–$100M for established custodians.

Asset segregation requirements mandate that client assets are kept separate from the custodian's own operating funds at all times, both legally and operationally. This means separate wallets, separate ledger accounts, and legal structures (such as trust arrangements or nominee ownership) that would protect client assets in an insolvency of the custodian. Most MiCA-compliant CASP authorizations require demonstrable operational segregation with regular reconciliation reports to clients.

Key management standards for institutional custody have converged around hardware security modules (HSMs), multi-party computation (MPC), and multi-signature (multi-sig) protocols. The industry standard is cold storage of at least 95% of client assets, with hot wallet balances covered by insurance. Regular third-party security audits (at minimum annually) are expected by institutional clients and required by regulators such as Singapore MAS and UAE ADGM.

  • Crime insurance covering theft, cyber incidents, and key compromise
  • Professional indemnity and E&O coverage
  • Strict client asset segregation — operational and legal
  • ≥95% cold storage with documented HSM/MPC architecture
  • Annual third-party security audit by qualified cybersecurity firm
  • Regular client reconciliation and custody reporting
  • Business continuity and key recovery protocols
Application Process

How to Obtain a Crypto Custody License

Institutional custody applications are among the most documentation-intensive regulatory processes in the crypto space. Allocate 3–6 months for preparation before formal submission, particularly for Swiss FINMA or Singapore MAS applications.

1
Jurisdiction Selection & Regulatory Pre-Engagement
Select jurisdiction based on target institutional clients, capital availability, and operational model. For most institutional custodians, Switzerland, UAE ADGM, or Singapore are the preferred starting points. Many regulators offer pre-application meetings — these are strongly recommended for custody authorizations and can significantly reduce later delays.
Month 1
2
Incorporate & Capitalize
Register the custodian entity in the licensing jurisdiction. Open a bank account and ensure minimum capital is fully paid up and available for regulatory inspection. Appoint qualified directors, a chief compliance officer, and a chief risk officer — all of whom will be subject to fit and proper assessments by the regulator.
Months 1–3
3
Build Operational Infrastructure
Commission HSM or MPC wallet infrastructure. Establish cold storage architecture with documented key management procedures. Engage insurance brokers for crime and professional indemnity coverage. Conduct a pre-submission penetration test and security audit. Build out AML/CFT policies, KYB procedures for institutional clients, and Transaction Monitoring systems.
Months 2–5
4
Submit Application
File the complete custody authorization application with all supporting documents. For Swiss FINMA and Singapore MAS, expect multiple rounds of questions and requests for additional information. Institutional custody applications typically take 6–12 months from submission to approval. Maintain availability of senior management for regulator meetings throughout the process.
Month 4 onward
5
Obtain Authorization & Launch
Upon approval, implement ongoing obligations: quarterly or annual regulatory reporting, client asset reconciliation, insurance renewal, annual security audits, and AML periodic reviews. Begin marketing to institutional clients with full authorization in place. Maintain a dedicated compliance function from day one of operations.
Post-approval
Cost Breakdown

Crypto Custody License Cost Comparison

Institutional custody licensing is the most capital-intensive category in crypto regulation. The cost ranges below reflect the minimum viable spend for each jurisdiction tier.

Cost Component Liechtenstein UAE ADGM Switzerland FINMA
State / Regulatory Fees CHF 5,000–10,000 $20,000–$40,000 CHF 50,000–150,000
Legal & Advisory Fees CHF 30,000–60,000 $60,000–$100,000 CHF 100,000–250,000
IT Security & Audit CHF 20,000–50,000 $25,000–$60,000 CHF 50,000–100,000
Insurance (annual premium) CHF 20,000–100,000 $50,000–$200,000 CHF 50,000–300,000
Minimum Capital (locked) CHF 150,000 $1,000,000 CHF 1,000,000+
Total Estimated Range (Y1) CHF 225K–370K $1.155M–$1.4M CHF 1.25M–1.8M
◆ CUSTODY LICENSE METRICS

Global Custody Requirements at a Glance

47
Jurisdictions with Crypto Custody Frameworks (2026)
12–18 weeks
Average FINMA DLT License Processing Time
CHF 250,000–2,000,000
Typical Capital Reserve Requirement (Switzerland)
€50,000–300,000
EU MiCA CASP Authorization Initial Fees
$500,000–5,000,000
US Qualified Custodian Net Worth Requirements
89%
Institutional Clients Requiring Third-Party Audit of Custody
◆ CUSTODY APPROACH COMPARISON

Bank-Linked vs. Independent Custody Models

Bank-Integrated Custody (via Banking License)
Regulatory Base FINMA Banking License (Art. 1 BankA)
Capital Requirement CHF 10,000,000 minimum
Approval Timeline 24–36 weeks
Custody Assets Held Bank balance sheet (co-mingled or segregated)
Client Base Unlimited institutional & retail
Insurance Coverage FINMA prudential oversight + deposit insurance eligible
Typical Annual Compliance Cost CHF 300,000–800,000
DLT-Specific Custody (FINMA DLT Facility)
Regulatory Base FINMA DLT Trading Facility Authorization (FinIA Art. 36)
Capital Requirement CHF 250,000–500,000 (risk-tiered)
Approval Timeline 12–18 weeks
Custody Assets Held Cold wallet/hardware (client segregation required)
Client Base Typically institutional; retail restrictions apply
Insurance Coverage Cyber insurance + client fund protection mandatory
Typical Annual Compliance Cost CHF 80,000–250,000
FAQ

Crypto Custody License Frequently Asked Questions

A qualified custodian is a regulated entity that meets specific legal standards for holding client assets. In the US, qualified custodians under the Investment Advisers Act include banks, broker-dealers, futures commission merchants, and certain foreign financial institutions. For crypto, the SEC has taken the position that most crypto custodians do not yet meet qualified custodian standards. In the EU, MiCA CASP authorization for custody services serves an equivalent function, while Switzerland's DLT trading facility authorization and banking license framework provide the relevant qualified custodian regime.
In most jurisdictions, a VASP or CASP authorization covering exchange activity also covers custody of client assets on the exchange. However, for standalone custody services — particularly institutional custody for funds, family offices, or other financial intermediaries — a separate or more specific authorization is often required. Germany BaFin requires a specific crypto custody business license (Kryptoverwahrgeschäft). Switzerland FINMA requires a DLT trading facility or banking license for professional custody. In these cases, a standard exchange license is insufficient.
Insurance is not universally mandatory but is strongly recommended and required in several top-tier jurisdictions. UAE ADGM (FSRA) requires custodians to maintain adequate insurance coverage. Singapore MAS guidance for major payment institutions holding digital assets includes insurance as a best practice expectation. Many institutional clients will not appoint a custodian that lacks crime insurance (covering theft, employee dishonesty, and cyber incidents) and errors and omissions coverage. A minimum coverage of 100% of assets under custody is the industry standard for institutional-grade custodians.
Minimum capital requirements for crypto custody licenses vary significantly by jurisdiction: Liechtenstein FMA requires CHF 150,000; Estonia FIU requires €100,000; Switzerland FINMA DLT facility requires CHF 1 million or more; Germany BaFin crypto custody requires €730,000 initial capital; UAE ADGM custody authorization requires $1 million; Singapore MAS major payment institution holding digital assets requires S$1 million. Offshore options like Cayman Islands CIMA require $500,000 minimum. For institutional-grade custody, plan for $1M+ in capital across all major jurisdictions.
The best jurisdiction depends on your client base and capital. For EU institutional clients, Switzerland (FINMA) or Liechtenstein (FMA) offer the strongest regulatory credibility with relatively efficient processes. For Middle Eastern or Asian institutional clients, UAE ADGM provides a world-class framework with 0% corporate tax. For retail-facing custody with lower capital requirements, Lithuania (FCIS MiCA transition) or Estonia (FIU) offer EU-accessible options at lower cost. For global crypto-native startups seeking offshore efficiency, Cayman Islands CIMA provides credibility with lighter capital requirements.
Initial licensing fees with FINMA typically range from CHF 5,000 to CHF 15,000 depending on the application complexity, while legal and consulting costs can add CHF 20,000 to CHF 50,000. Annual supervision fees are calculated based on managed assets and usually amount to 0.05% to 0.1% of assets under custody, with a minimum annual fee of CHF 10,000. Additional costs include compliance infrastructure, insurance premiums (typically 0.5% to 1.5% of assets), and ongoing audit expenses.
The standard FINMA approval timeline is 3 to 6 months, though this can extend to 12 months if the regulator requests substantial additional documentation or clarifications. Initial completeness checks typically take 2 to 4 weeks, followed by the substantive review phase. Processing times may be expedited to 2 to 3 months if your application is exceptionally well-prepared with comprehensive compliance frameworks already in place.
FINMA requires detailed organizational charts, risk management frameworks, internal audit reports, IT security assessments (preferably ISO 27001 certified), banking relationships documentation, beneficial ownership declarations, and a comprehensive business plan. You must also provide auditor confirmations, employee vetting records for key personnel, insurance policies (covering cybersecurity and operational risks), and detailed custody procedures documentation. All documents must be in German, French, Italian, or English and certified by licensed professionals.
Switzerland taxes custodians on their operational profits using the standard corporate tax rate, which varies by canton but averages 15% to 18% at the federal and cantonal levels combined. Zug specifically offers preferential tax treatment for financial services companies, with effective rates around 12% to 14%. You should be aware that custody fees are subject to VAT at 8.1%, and employees' salaries are subject to payroll taxes and social security contributions at approximately 10% to 12%.
FINMA requires custody operators to maintain segregated bank accounts with Swiss or internationally recognized banks, with most major Swiss banks requiring minimum operational capital of CHF 100,000 to CHF 500,000. Many traditional banks have withdrawn from crypto services, but specialized financial institutions and certain regional Swiss banks continue to support licensed custodians. You should initiate banking relationships early in your licensing process, as establishing accounts can take 2 to 4 months and requires FINMA pre-approval confirmation.
A Swiss FINMA-regulated custody license holds significant competitive advantage globally, particularly with European institutional clients, as Switzerland is recognized as a tier-one financial jurisdiction with rigorous oversight standards. This compares favorably to licenses in Malta or Cyprus, which face greater regulatory scrutiny from major financial centers, though Singapore and Hong Kong licenses may offer better market access in Asia-Pacific regions. Swiss licensees benefit from strong legal recognition, lower perceived compliance risk, and preferential treatment in partnership negotiations with major financial institutions and asset managers.
Licensed custodians must undergo annual FINMA supervision audits conducted by approved audit firms, submit comprehensive compliance reports detailing all custody holdings and security incidents, and maintain continuous IT security assessments with at least biennial third-party penetration testing. License renewal occurs every 3 years with FINMA, requiring updated risk management documentation, proof of adequate insurance coverage, and certification of ongoing staff compliance training. Additionally, any material changes to business operations, ownership structures, or custody procedures must be reported to FINMA within 30 days.
Related Licenses & Jurisdictions

Explore Related Pages

🏛️
VASP License
Complete guide80+ jurisdictions
👛
Wallet License
Custodial walletsMiCA Art.3
🇨🇭
Switzerland FINMA
DLT facility8.5% tax
🇩🇪
Germany BaFin
Custody license€730K capital

Get Your Custody License

We advise institutional custodians on optimal jurisdiction selection, capital planning, and the full authorization process. 400+ licenses obtained.

Free Consultation →
Quick Facts
Activity Crypto Custody
Difficulty High
Timeline 6–18 months
Min Capital (low) CHF 150,000
Min Capital (institutional) $1M+
Insurance Strongly required
Key Regulatory Refs
EU MiCA Art.3(1)(17)
Germany KWG §1 (1a) no.6
Switzerland DLT Act / FINMA
Singapore PSA 2019
Practitioner Insight

Practical Licensing Insight

Based on CryptoLicenses.net consulting data, 2024-2026

MH
Dr. Marcus Hartmann
Senior Licensing Consultant · LL.M. International Financial Law
22 years in financial services regulation. Advised 400+ crypto licensing mandates across 60+ jurisdictions. Based in Zug, Switzerland.
Free Consultation

Ready to Get Licensed?

Tell us about your project and we'll identify the right jurisdiction, outline the requirements, and give you a realistic cost estimate — at no charge.

  • 🇨🇭 Swiss-registered firm, Zug
  • ⚡ Response within a few hours
  • 🔒 Strictly confidential
  • ✓ 80+ jurisdictions covered

Confidential · No obligation · No spam